Tails — Privacy for anyone anywhere

intrigeri

June, 2014

What what who

Who I am

  • Tails contributor
  • Debian developer

What is Tails

The Amnesic Incognito Live System

https://tails.boum.org/

A Live operating system

  • works on (almost) any computer
  • boots off a DD, a USB stick, or a SD card

Preserving privacy and anonymity #1

  • use the Internet anonymously and circumvent censorship:
    all connections to the Internet are forced to go through the Tor network
  • leave no trace on the computer you are using unless you ask it explicitly

Preserving privacy and anonymity #2

  • cryptographic tools:
    encrypt your files, emails and instant messaging
  • media production tools:
    sound, video, office publishing, graphics...

Other features

And... it works?

  • According to the NSA, yes :
    "(S//REL) Tails: Complete Bootable OS on CD for anonymity - includes Tor
    (S//REL) Adds Severe CNE misery to equation"
    (Thanks to a famous Tails user for providing these documents.)
  • Bruce Schneier, December 2013 :
    "What do I trust? I trust, I trust Tails, I trust GPG [...]"
    "I don't use Linux. (Shhh. Don't tell anyone.)
    Although I have started using Tails""

Usability: a security feature

Our starting point

  • privacy and anonymity: collective matters
  • more secure tool, but less usable
    ⇒ collectively, less security

Our hypothesis

Often usability matters more than "pure" security.

Make a "baseline" security level (privacy, anonymity) very accessible
⇒ Tails is widely used
⇒ more contributors
⇒ energy ↗ to improve security without decreasing usability

Examples

  • GNOME desktop
  • desktop cryptographic tools (Seahorse, OpenPGP applet, GNOME Disks)
  • integrates the "Spoof MAC address, or not" decision in a user-friendly way
  • documentation
  • translations
  • warnings
  • WhisperBack

A small delta, to avoid drowning

History lesson

Often, specialized distributions die quickly.
At least in this area.
✝ Haven, Anonym.OS, ParanoidLinux, onionOS, Phantomix and many others. RIP.

Why?

  • small teams, not organized to grow
  • underestimation of the maintenance and user support work
  • no long-term commitment
  • NIH

Our hypothesis

  • focus on maintainability
  • avoid having a delta that grows too much, or too fast, wrt. our upstreams

Examples: what we did not do internally

... despite pressure:

  • grsecurity
  • compile-time hardening

Examples: what we did internally

... but should share:

  • OpenPGP applet
  • erasing memory on shutdown

Examples: what we're doing upstream

  • AppArmor
  • libvirt
  • Seahorse
  • Debian
  • Debian Live
  • fix OTR downgrade → v1

Consequences #1

  • little Tails-specific code
  • glue work
  • "social" work:
    talk to upstreams
    spread the word about our needs
    find skilled people to do the work at the best place
  • slow rhythm (waiting the next Debian release, and sometimes the one after), despite backports

Consequences #2

And, above all...

Tails is still alive!

Challenges

Cadence & popularity

  • new release every 6 weeks
  • about 10k boots a day, doubles every 6-9 months

Limited resources and time

  • mostly volunteer work
  • 2000 commits, by ~10 persons, on the last 6 months

Roadmap

Overview

  • welcome more varied contributions
  • ... from more varied people
  • make our life easier
  • make Tails (even) more usable
  • better protect users against targeted attacks

This summer

  • Tails 1.1 — July 22: Debian Wheezy, UEFI

And then

Tails needs you, for...

Translation

Translators can allow more people around the world to use Tails.

https://tails.boum.org/contribute/how/translate/

Documentation

Good writers can make Tails accessible to more people.

https://tails.boum.org/contribute/how/documentation/

  • #6318: Fix key trusting instructions to work when we update our signing key
  • #6469: Document the workflow to upgrade Tails from ISO using 2 USB sticks

Tests

Early testers help improve Tails quality.

https://tails.boum.org/contribute/how/testing/

  • #5174: Test Pidgin SSL validation in Debian unstable
  • #5709: Test OnionCat unidirectional mode for VoIP

Design

Web and graphics designers can make Tails easier to use and more appealing.

https://tails.boum.org/contribute/how/website/

https://tails.boum.org/contribute/how/graphics/

  • #7258: Make the logos on the homepage clickable
  • #6323: Improve the CSS of the boxed titles
  • #6361: Create a stylesheet for the contributor's role

Usability

User interface and user experience experts can make Tails easier to use and more appealing.

https://tails.boum.org/contribute/how/user_interface/

  • #7437: Design a progress indicator while establishing a connection to Tor
  • #6417: Evaluate Tails Greeter revamp proposals

Code

Software people with very diverse skills can improve Tails.

https://tails.boum.org/contribute/how/code/

  • #5917: tails-greeter password field : Warn when caps-lock in ON
  • #6918: Track hardening status of the binaries shipped in Tails
  • #5881: Add reboot button to persistence setup assistant

Infrastructure

System administrators can improve the development and quality assurance processes.

https://tails.boum.org/contribute/how/sysadmin/

  • #6295: Evaluate consequences of importing large amounts of packages into reprepro
  • #6891: Monitor broken links on our website

Debian

One can improve Tails (and other Debian derivatives, such as Freepto ;) by contributing to Debian.

https://tails.boum.org/contribute/how/debian/

Money

Those who have too much money can speed up the development of Tails.

https://tails.boum.org/contribute/how/donate/

Where to start?

Tell us about your skills and desires,

we'll help you get started :)

Contact

Talk to us

  • I'm here.
  • Development mailing-list:
  • Mailing-list for translators:
  • Early testers mailing-list:
  • Private and encrypted mailing-list:
  • IRC: see https://tails.boum.org/contribute/
  • Web: https://tails.boum.org/